In the Claims:



Please amend the claims as indicated below. 



1. (Currently Amended) A method of managing a virtual private network, the method
comprising:

receiving a request for a given network device to join a given virtual private network
having a set of network devices, the request being received from a given network device, the
request having a given network device identifier that identifies the given network device;

retrieving, from a network device memory set, a set of network device identifiers that
identify all network devices in the set of network devices;

forwarding a notify message to each network device in the set of network devices, the
notify message including the given network device identifier;

forwarding a join message to the given network device, the join message including the set
of network device identifiers;

establishing an encrypted communication tunnel between the given network device and at
least one of the set of network devices; and

storing, in the network device memory set, the given network device identifier.

2. (Currently Amended) The method as defined by claim 1 wherein establishing the encrypted
communication tunnel further comprises, in response to receipt of the notify message, at least
one of the set of network devices communicating with the given network device to establish the
communication tunnel with the given network device.

3. (Currently Amended) The method as defined by claim 1 wherein establishing the encrypted
communication tunnel further comprises, in response to receipt of the join message, the given
network device communicating with at least one of the network devices in the set of network
devices to establish the communication tunnel with the at least one of the set of network
devices.

4. (Original) The method as defined by claim 1 wherein the request includes a network identifier 
identifying the given virtual private network. 

5. (Original) The method as defined by claim 1 wherein the total number of network devices in
the set of network devices equals zero, the network device memory set being a database that is
established for the given virtual private network in response to receipt of the request.

6. (Original) The method as defined by claim 1 wherein the request is received from a packet 
based network. 

7. (Original) The method as defined by claim 1 further comprising:
authenticating the request to confirm the identity of the given network device.

8. (Original) The method as defined by claim 1 wherein each network identifier is an Internet 
Protocol address. 



9. (Original) The method as defined by claim 1 further comprising:

receiving a remove message from a remove network device;

retrieving all network device identifiers from the network device memory set; and

forwarding a first message to all network devices identified by retrieved network device
identifiers, each first message including a remove identifier identifying the remove network
device.

10. (Original) The method as defined by claim 9 wherein in response to receipt of the first
message, at least one of the network devices in the set of network devices disconnects a
communication tunnel between the at least one network device and the remove network device.

11. (Original) The method as defined by claim 9 further comprising:

forwarding a second message to the remove network device, the second message 
including the retrieved network device identifiers. 

12. (Original) The method as defined by claim 1 wherein the join message and notify message 
include data identifying the given virtual private network. 

13. (Original) The method as defined by claim 1 further comprising: 

generating the notify message and the join message. 

14. (Currently Amended) An apparatus for managing a virtual private network, the apparatus
comprising:

an input that receives a request for a given network device to join a given virtual private
network having a set of network devices, the request being received from a given network
device, the request having a given network device identifier that identifies the given network
device;

data storage for storing a set of network device identifiers that identify all network
devices in the set of network devices;

a message generator that generates a notify message and a join message, the notify
message including the given network device identifier, the join message including the set of
network device identifiers;

a request parser that parses the request to determine the given network device identifier
for storage in the data storage;

a tunnel establishment component that establishes an encrypted communication tunnel
between the given network device and at least one of the set of network devices; and

an output that forwards one copy of the notify message to each network device in the set
of network devices, the output also forwarding the join message to the given network device.

Received from <9782649119> at 10/14/03 1:24:36 PM [Eastern Daylight Time]

03-Oct-03 12:08pm From-Steubing McGuinness & Manaras LLP 978 264 9119 T-348 P. 008/021 F-715

Serial No. 09/417,864 -5- Art Unit: 2663

15. (Currently Amended) The apparatus as defined by claim 14 wherein in response to receipt of
the notify message, at least one of the set of network devices communicates with the given
network device to establish the communication tunnel with the given network device.

16. (Currently Amended) The apparatus as defined by claim 14 wherein in response to receipt of
the join message, the given network device communicates with at least one of the network
devices in the set of network devices to establish the communication tunnel with the at least
one of the set of network devices.

17. (Original) The apparatus as defined by claim 14 wherein the request includes a network 
identifier identifying the given virtual private network. 

18. (Original) The apparatus as defined by claim 14 wherein the total number of network devices
in the set of network devices equals zero, the data storage including a database that is generated
for the given virtual private network in response to receipt of the request.

19. (Original) The apparatus as defined by claim 14 wherein the request is received from a packet 
based network. 

20. (Original) The apparatus as defined by claim 14 further comprising: 

an authentication module operatively coupled with the input, the authentication module
authenticating the request to confirm the identity of the given network device.

21. (Original) The apparatus as defined by claim 14 wherein each network identifier is an 
Internet Protocol address. 

22. (Original) The apparatus as defined by claim 14 wherein the input receives a remove message 
from a remove network device, the remove network device being one of the set of network 
devices, the apparatus further comprising: 
retrieval logic that retrieves all network device identifiers from the network device
memory set; and 

a removal message generator operatively coupled with the retrieval logic, the removal 
message generator generating a first message having a remove identifier identifying the remove 
network device, the output forwarding the first message to all network devices identified by 
retrieved network device identifiers. 

23. (Original) The apparatus as defined by claim 22 wherein in response to receipt of the first
message, at least one of the network devices in the set of network devices disconnects a
communication tunnel between the at least one network device and the remove network device.

24. (Original) The method as defined by claim 22 wherein the remove message generator 
generates a second remove message that is forwarded to the remove network device, the second 
remove message including the retrieved network device identifiers. 

25. (Currently Amended) The method as defined by claim 14 wherein the join message and
notify message include data identifying the given virtual private network.

26. (Currently Amended) A computer program product for use on a computer system for
managing a virtual private network, the computer program product comprising a computer usable
medium having computer readable program code thereon, the computer readable program code
including:

program code for receiving a request for a given network device to join a given virtual
private network having a set of network devices, the request being received from a given
network device, the request having a given network device identifier that identifies the given
network device;

program code for retrieving, from a network device memory set, a set of network device
identifiers that identify all network devices in the set of network devices;


program code for forwarding a notify message to each network device in the set of
network devices, the notify message including the given network device identifier;

program code for forwarding a join message to the given network device, the join
message including the set of network device identifiers;

program code for establishing an encrypted communication tunnel between the given
network device and at least one of the set of network devices; and

program code for storing, in the network device memory set, the given network device
identifier.

27. (Currently Amended) The computer program product as defined by claim 26 wherein in
response to receipt of the notify message, at least one of the set of network devices
communicates with the given network device to establish the communication tunnel with the
given network device.

28. (Currently Amended) The computer program product as defined by claim 26 wherein in
response to receipt of the join message, the given network device communicates with at least one
of the network devices in the set of network devices to establish the communication tunnel with
the at least one of the set of network devices.

29. (Original) The computer program product as defined by claim 26 wherein the request 
includes a network identifier identifying the given virtual private network. 

30. (Original) The computer program product as defined by claim 26 wherein the total number of
network devices in the set of network devices equals zero, the network device memory set being
a database that is established for the given virtual private network in response to receipt of the
request.

31. (Original) The computer program product as defined by claim 26 wherein the request is
received from a packet based network.

32. (Original) The computer program product as defined by claim 26 further comprising:

program code for authenticating the request to confirm the identity of the given network 

device. 

33. (Original) The computer program product as defined by claim 26 wherein each network 
identifier is an Internet Protocol address. 

34. (Original) The computer program product as defined by claim 26 further comprising: 

program code for receiving a remove message from a remove network device; 
program code for retrieving all network device identifiers from the network device 
memory set; 

program code for generating a first message having a remove identifier identifying a 
remove network device; and 

program code for forwarding the first message to all network devices identified by 
retrieved network device identifiers. 

35. (Original) The computer program product as defined in claim 34 wherein in response to 
receipt of the first message, at least one of the network devices in the set of network devices 
disconnects a communication tunnel between at least one network device and remove network 
device. 

36. (Original) The computer program product as defined by claim 34 further comprising: 

program code for generating a second message having the retrieved network device 
identifiers; and 

program code for forwarding the second message to the remove network device. 

37. (Original) The computer program as defined by claim 26 wherein the join message and notify
message include data identifying the given virtual private network.

38. (Original) The computer program product as defined by claim 26 further comprising:

program code for generating the notify message; and

program code for generating the join message.

39. (Currently Amended) A method of managing a virtual private network having a set of
member network devices, each member network device being identified by a device identifier,
the method comprising:

maintaining a storage device having the device identifier of each member of the set of
network devices, the storage device being updated as network devices are added to and removed
from the virtual private network;

receiving a request for a given network device to join the virtual private network, the
request being received from a given network device, the request having a given network
device identifier that identifies the given network device and data identifying the virtual private
network;

generating a notify message having the given network device identifier;

generating a join message having the device identifiers in the storage device;

forwarding the notify message to each of the set of network devices;

establishing an encrypted communication tunnel between the given network device and at
least one of the set of network devices; and

forwarding the join message to the given network device.

40. (Currently Amended) The method as defined in claim 39 wherein in response to receipt of the
notify message, at least one of the set of network devices communicates with the given network
device to establish the communication tunnel with the given network device.

41. (Currently Amended) The method as defined by claim 39 wherein in response to receipt of
the join message, the given network device communicates with at least one of the member
network devices to establish the communication tunnel with the at least one member network
device.

42. (Original) The method as defined by claim 39 further comprising: 
authenticating the request to confirm the identity of the given network device. 

43. (Original) The method as defined by claim 39 further comprising:

receiving a remove message from a remove network device;

retrieving all device identifiers from the storage device; and

forwarding a first message to all network devices identified by retrieved device
identifiers, each first message including a remove identifier identifying the remove network
device.

44. (Original) The method as defined by claim 43 wherein in response to receipt of the first 
message, at least one of the member network devices disconnects a communication tunnel 
between the at least one member network device and the remove network device. 

45. (Original) The method as defined by claim 43 further comprising: 

forwarding a second message to the remove network device, the second message 
including the retrieved device identifiers. 

46. (Currently Amended) A computer program product for use on a computer system for
managing a virtual private network having a set of member network devices, each member
network device being identified by a device identifier, the computer program product comprising
a computer usable medium having computer readable program code thereon, the computer
readable program code including:

program code for maintaining a storage device having the device identifier of each
member of the set of network devices, the storage device being updated as network devices are
added to and removed from the virtual private network;

program code for receiving a request for a given network device to join the virtual private
network, the request being received from a given network device, the request having a given
network device identifier that identifies the given network device and data identifying the virtual
private network;

program code for forwarding the notify message to each of the set of network devices;

program code for establishing an encrypted communication tunnel between the given
network device and at least one of the set of network devices; and

program code for forwarding the join message to the given network device.

47. (Currently Amended) The computer program product as defined by claim 46 wherein in
response to receipt of the notify message, at least one of the set of network devices
communicates with the given network device to establish the communication tunnel with the
given network device.

48. (Currently Amended) The computer program product as defined by claim 46 wherein in
response to receipt of the join message, the given network device communicates with at least one
of the member network devices to establish the communication tunnel with the at least one
member network device.

49. (Original) The computer program as defined by claim 46 further comprising: 

program code for authenticating the request to confirm the identity of the given network 

device. 

50. (Original) The computer program product as defined by claim 46 further comprising: 

program code for receiving a remove message from a remove network device; 
program code for retrieving all device identifiers from the storage device; and 
program code for forwarding a first message to all network devices identified by retrieved
device identifiers, each first message including a remove identifier identifying the remove 
network device. 

51. (Original) The computer program product as defined by claim 50 wherein in response to 
receipt of the first message, at least one of the member network devices disconnects a 
communication tunnel between the at least one member network device and the remove network 
device. 

52. (Original) The computer program product as defined by claim 50 further comprising: 

program code for forwarding a second message to the remove network device, the second 
message including the retrieved device identifiers. 

53. (Currently Amended) A method of managing a virtual private network, the method
comprising:

a given network device transmitting a request for the given network device to join the
virtual private network having a set of network devices, the request having a given network
device identifier that identifies the given network device;

retrieving, from a network device memory set, a set of network device identifiers that
identify all network devices in the set of network devices;

forwarding a notify message to each network device in the set of network devices, the
notify message including the given network device identifier;

forwarding a join message to the given network device, the join message including the set
of network device identifiers;

establishing an encrypted communication tunnel between the given network device and at
least one of the set of network devices; and

storing, in the network device memory set, the given network device identifier.

54. (Currently Amended) The method as defined by claim 53 further comprising:

receiving the notify message;

retrieving the given network device identifier from the received notify message; and

establishing the communication tunnel to the given network device after the given
network device identifier is retrieved.
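The join and remove message flows of claims 1, 2, 3, 5, 7, 9, 10 and 11 above, as an added Python simulation written for this listing (not code from the application or its applicant). The message dictionaries, the `trusted` set that stands in for the authentication of claim 7, the removal of the leaving device from storage (taken from claim 39), and the leaving device tearing down its own tunnels on the second message are assumptions of this example.

```python
from dataclasses import dataclass, field


@dataclass
class Manager:
    """Central VPN manager holding the network device memory set (claims 1, 4, 5)."""
    memory: dict = field(default_factory=dict)   # VPN id -> set of member ids (IP addresses, claim 8)
    trusted: set = field(default_factory=set)    # assumption: devices that pass authentication (claim 7)
    outbox: list = field(default_factory=list)   # every message the manager forwards

    def _send(self, to, msg):
        self.outbox.append({"to": to, **msg})

    def handle_join(self, request):
        """Claim 1: retrieve members, notify them, send the join message, then store the id."""
        vpn, dev = request["vpn"], request["device_id"]
        if dev not in self.trusted:                   # claim 7: authenticate the request first
            raise PermissionError(f"unauthenticated join from {dev}")
        members = self.memory.setdefault(vpn, set())  # claim 5: database created on first request
        retrieved = sorted(members)                   # retrieved BEFORE the new id is stored
        for peer in retrieved:
            self._send(peer, {"type": "notify", "vpn": vpn, "device_id": dev})
        self._send(dev, {"type": "join", "vpn": vpn, "members": retrieved})
        members.add(dev)                              # storing is the last step of claim 1
        return retrieved

    def handle_remove(self, request):
        """Claims 9 and 11: first message to remaining members, second message to the leaver."""
        vpn, dev = request["vpn"], request["device_id"]
        members = self.memory.get(vpn, set())
        members.discard(dev)          # assumption: storage updated on removal (wording of claim 39)
        retrieved = sorted(members)
        for peer in retrieved:
            self._send(peer, {"type": "first", "vpn": vpn, "remove_id": dev})
        self._send(dev, {"type": "second", "vpn": vpn, "members": retrieved})
        return retrieved


@dataclass
class Device:
    """Member-side handling of claims 2, 3 and 10; tunnels are keyed by peer identifier."""
    device_id: str
    tunnels: set = field(default_factory=set)

    def receive(self, msg):
        if msg["type"] == "notify":      # claim 2: existing member connects to the newcomer
            self.tunnels.add(msg["device_id"])
        elif msg["type"] == "join":      # claim 3: newcomer connects to the listed members
            self.tunnels.update(msg["members"])
        elif msg["type"] == "first":     # claim 10: tear down the tunnel to the removed device
            self.tunnels.discard(msg["remove_id"])
        elif msg["type"] == "second":    # assumption: leaver tears down its side of each tunnel
            self.tunnels.difference_update(msg["members"])


def run_scenario():
    """Constructed scenario: three devices join VPN 'alpha', then one of them leaves."""
    ids = ["10.0.0.1", "10.0.0.2", "10.0.0.3"]
    mgr = Manager(trusted=set(ids))
    devices = {i: Device(i) for i in ids}
    for i in ids:
        mgr.handle_join({"vpn": "alpha", "device_id": i})
    mgr.handle_remove({"vpn": "alpha", "device_id": "10.0.0.2"})
    for msg in mgr.outbox:               # deliver everything the manager forwarded, in order
        devices[msg["to"]].receive(msg)
    return {i: sorted(d.tunnels) for i, d in devices.items()}
```

Because the member set is retrieved before the new identifier is stored, a joining device never receives a notify about itself and its join message lists only the devices that were already members.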